com.atlassian.crowd.manager.login
Interface ForgottenLoginManager

All Known Implementing Classes:

ForgottenLoginManagerImpl, UnsupportedForgottenLoginManager

public interface ForgottenLoginManager

Manages functionality related to retrieving forgotten usernames or resetting forgotten passwords.

To reset a user's password, clients of ForgottenLoginManager would do the following:

1. sendResetLink sends the user a unique link to reset their password
2. resetUserCredential verifies that the reset token given by the user is correct using isValidResetToken, then resets if the user credentials if the token is valid.

Since:

v2.1.0

Method Summary

boolean	isValidResetToken(long directoryId, String username, String token) Returns true if the password reset token for the user with the specified username and directory ID are valid and not expired.
void	resetUserCredential(long directoryId, String username, PasswordCredential credential, String token) Resets the user credentials and invalidates the token.
void	sendResetLink(Application application, String username) Sends a reset link to the first user with the matching username from all the active directories assigned to the application.
void	sendResetLink(long directoryId, String username) Sends a reset link to the user with specified username and directory ID.
boolean	sendUsernames(Application application, String email) Sends the usernames associated with the given email address.

Method Detail

sendResetLink

void sendResetLink(Application application,
                   String username)
                   throws UserNotFoundException,
                          InvalidEmailAddressException,
                          ApplicationPermissionException

Sends a reset link to the first user with the matching username from all the active directories assigned to the application.

Parameters:

application - user is searched in application's assigned directories

username - username of the user to send the password reset link

Throws:

UserNotFoundException - if no user with the supplied username exists

InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to

ApplicationPermissionException - if the application does not have permission to modify the user

sendUsernames

boolean sendUsernames(Application application,
                      String email)
                      throws InvalidEmailAddressException

Sends the usernames associated with the given email address. No email will be sent if there are no usernames associated with a given email.

The method returns a boolean, which should only ever be passed to authenticated applications to avoid leaking information.

Parameters:

application - search application's assigned directories for usernames associated with the email

email - email address of the user

Returns:

true if any users with that address were found.

Throws:

InvalidEmailAddressException - if the email is not valid

sendResetLink

void sendResetLink(long directoryId,
                   String username)
                   throws DirectoryNotFoundException,
                          UserNotFoundException,
                          InvalidEmailAddressException,
                          OperationFailedException

Sends a reset link to the user with specified username and directory ID.

Similar to sendResetLink(Application, String) except applying to a directory-specific user.

Parameters:

directoryId - directory ID of the user to modify

username - username of the user to send the password reset link

Throws:

DirectoryNotFoundException - if the directory specified by directoryId could not be found

UserNotFoundException - if the user specified by username could not be found

InvalidEmailAddressException - if the user does not have a valid email address to send the password reset email to

OperationFailedException

isValidResetToken

boolean isValidResetToken(long directoryId,
                          String username,
                          String token)

Returns true if the password reset token for the user with the specified username and directory ID are valid and not expired. The valid password reset token is created by sendResetLink(com.atlassian.crowd.model.application.Application, java.lang.String).

Parameters:

directoryId - directory ID of the user to validate

username - username of the user to verify the token

token - password reset token

Returns:

true if the username and reset token are a valid combination and the reset token has not expired.

resetUserCredential

void resetUserCredential(long directoryId,
                         String username,
                         PasswordCredential credential,
                         String token)
                         throws DirectoryNotFoundException,
                                UserNotFoundException,
                                InvalidResetPasswordTokenException,
                                OperationFailedException,
                                InvalidCredentialException,
                                DirectoryPermissionException

Resets the user credentials and invalidates the token.

Parameters:

directoryId - directory ID of the user

username - user name of the user to perform a credential reset

credential - new credentials

token - password reset token

Throws:

DirectoryNotFoundException - if the directory could not be found.

UserNotFoundException - if the user could not be found in the given directory.

InvalidResetPasswordTokenException - if the reset token is not valid.

OperationFailedException - if there was an error performing the operation or instantiating the backend directory.

InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.

DirectoryPermissionException - if the directory is not allowed to perform the operation